Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0768 | 1 Yapbb | 1 Yapbb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the forumID parameter in a next action. | |||||
| CVE-2009-0771 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-29 | 10.0 HIGH | N/A |
| The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. | |||||
| CVE-2009-0773 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-29 | 10.0 HIGH | N/A |
| The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. | |||||
| CVE-2009-0775 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-29 | 10.0 HIGH | N/A |
| Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection. | |||||
| CVE-2009-0777 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-29 | 5.8 MEDIUM | N/A |
| Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. | |||||
| CVE-2009-0791 | 1 Apple | 1 Cups | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. | |||||
| CVE-2009-0793 | 2 Littlecms, Sun | 2 Lcms, Openjdk | 2017-09-29 | 4.3 MEDIUM | N/A |
| cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles." | |||||
| CVE-2009-0798 | 1 Tim Hockin | 1 Acpid | 2017-09-29 | 5.0 MEDIUM | N/A |
| ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop. | |||||
| CVE-2009-0807 | 1 Zfeeder | 1 Zfeeder | 2017-09-29 | 7.5 HIGH | N/A |
| zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php. | |||||
| CVE-2009-0810 | 1 Xatrix | 1 Xguestbook | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in xGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter. | |||||
| CVE-2009-0813 | 1 Imera | 1 Teamlinks | 2017-09-29 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the ImeraIEPlugin ActiveX control (ImeraIEPlugin.dll 1.0.2.54) in Imera TeamLinks Client allows remote attackers to force the download and execution of arbitrary URLs via modified DownloadProtocol, DownloadHost, DownloadPort, and DownloadURI parameters. | |||||
| CVE-2009-0826 | 1 Freedville | 1 Bloghelper | 2017-09-29 | 5.0 MEDIUM | N/A |
| BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request. | |||||
| CVE-2009-0827 | 1 Freedville | 1 Pollhelper | 2017-09-29 | 5.0 MEDIUM | N/A |
| PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request. | |||||
| CVE-2009-0828 | 1 Freedville | 1 Quotebook | 2017-09-29 | 5.0 MEDIUM | N/A |
| QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request. | |||||
| CVE-2009-0831 | 1 Php-fusion | 2 Members Cv Module, Php-fusion | 2017-09-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter. | |||||
| CVE-2009-0833 | 2 Myplugins, Nullsoft | 2 Gen Msn, Winamp | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0863 | 1 Matteoiammarrone | 1 S-cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0864 | 1 Matteoiammarrone | 1 S-cms | 2017-09-29 | 7.5 HIGH | N/A |
| S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie. | |||||
| CVE-2009-0866 | 1 Phnews | 1 Phnews | 2017-09-29 | 5.0 MEDIUM | N/A |
| pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php. | |||||
| CVE-2009-0881 | 1 Josema Enzo | 1 Isiajax | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0883 | 1 Amunak | 1 Blue Eye Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter. | |||||
| CVE-2009-0885 | 1 Mediacommands | 1 Media Commands | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3) TXT, and (4) LRC playlist file. | |||||
| CVE-2009-0886 | 1 Oneorzero | 1 Oneorzero Helpdesk | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the default_language parameter. | |||||
| CVE-2009-0908 | 1 Vmware | 1 Ace | 2017-09-29 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder. | |||||
| CVE-2009-0909 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435. | |||||
| CVE-2009-0910 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2017-09-29 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-436. | |||||
| CVE-2009-0913 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the keysock kernel module in Solaris 10 and OpenSolaris builds snv_01 through snv_108 allows local users to cause a denial of service (system panic) via unknown vectors related to PF_KEY socket, probably related to setting socket options. | |||||
| CVE-2009-0914 | 1 Opera | 1 Opera Browser | 2017-09-29 | 9.3 HIGH | N/A |
| Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption. | |||||
| CVE-2009-0915 | 2 Opera, Opera Software | 2 Opera, Opera Web Browser | 2017-09-29 | 6.8 MEDIUM | N/A |
| Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins. | |||||
| CVE-2009-0923 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Kerberos Incremental Propagation in Solaris 10 and OpenSolaris snv_01 through snv_110 allows remote attackers to cause a denial of service (loss of incremental propagation requests to slave KDC servers) via unknown vectors related to the master Key Distribution Center (KDC) server. | |||||
| CVE-2009-0965 | 1 Ismail Fahmi | 1 Ganesha Digital Library | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in functions/browse.php in Ganesha Digital Library (GDL) 4.0 and 4.2 allows remote attackers to execute arbitrary SQL commands via the node parameter in a browse action to gdl.php. | |||||
| CVE-2009-0966 | 1 Yabsoft | 1 Mega File Hosting Script | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cross.php in YABSoft Mega File Hosting 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences. | |||||
| CVE-2009-0968 | 2 Fahlstad, Wordpress | 2 Fmoblog Plugin, Wordpress | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1023 | 1 Phpcomasy | 1 Phpcomasy | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpComasy 0.9.1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter. | |||||
| CVE-2009-1024 | 1 Beerwin | 1 Phplinkadmin | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 allow remote attackers to execute arbitrary SQL commands via the linkid parameter to edlink.php, and unspecified other vectors. | |||||
| CVE-2009-1025 | 1 Beerwin | 1 Phplinkadmin | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2009-1026 | 1 Kimwebsites | 1 Kim Websites | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2009-1028 | 1 Edisys | 1 Ezip Wizard | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file. | |||||
| CVE-2009-1032 | 1 Yabsoft | 1 Advanced Image Hosting Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery_list.php in YABSoft Advanced Image Hosting (AIH) Script 2.3 allows remote attackers to execute arbitrary SQL commands via the gal parameter. | |||||
| CVE-2009-1033 | 1 Deluxebb | 1 Deluxebb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503. | |||||
| CVE-2009-1038 | 1 Yap | 1 Yap Blog | 2017-09-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php. | |||||
| CVE-2009-1040 | 1 Winasm | 1 Winasm Studio | 2017-09-29 | 9.3 HIGH | N/A |
| Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote attackers to execute arbitrary code via a crafted project (.wap) file. | |||||
| CVE-2009-1041 | 1 Freebsd | 1 Freebsd | 2017-09-29 | 7.2 HIGH | N/A |
| The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value. | |||||
| CVE-2009-1045 | 1 Videolan | 1 Vlc Media Player | 2017-09-29 | 5.0 MEDIUM | N/A |
| requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action. | |||||
| CVE-2009-1049 | 1 Kamads | 1 Bloginator | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in articleCall.php in Bloginator 1A allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-1050 | 1 Kamads | 1 Bloginator | 2017-09-29 | 7.5 HIGH | N/A |
| Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie. | |||||
| CVE-2009-1057 | 1 Microsmarts | 1 Zipitfast! | 2017-09-29 | 10.0 HIGH | N/A |
| MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file that triggers memory corruption, related to a "format string buffer overflow." NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product. | |||||
| CVE-2009-1058 | 1 Zipgenius | 1 Zipgenius | 2017-09-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in ZipGenius might allow remote attackers to execute arbitrary code via a crafted .zip file that triggers an SEH overwrite. NOTE: it is possible that this overlaps CVE-2005-3317. NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product. | |||||
| CVE-2009-1059 | 1 Powerzip | 1 Powerzip | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote attackers to execute arbitrary code via a crafted .zip file. NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product. | |||||
| CVE-2009-1063 | 1 Brother Soft | 1 Exescope | 2017-09-29 | 6.8 MEDIUM | N/A |
| Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers to execute arbitrary code via a crafted executable (.exe) file. | |||||
